Posts Tagged ‘encryption’

Not a whole lot to say this week, it has mostly been work, sleep, work, sleep, … well you get the picture.

Some noteworthy things however:

Just how, in their infinite wisdom, does the EU expect to test the security of their own servers and services if they are going to outlaw so-called “cyber-attack tools”? For that matter, how do they propose ANY manufacturer of ANY type of digital system perform ANY type of actual security testing worth a damn?

Social AND Private? Well… not quite yet, but if they get the p2p and encryption stuff working, then we’re in business.

Update: I suck! I forgot to make the URLs in the links section actually links… updated now.

Thunderbird / Lightning / iCal

I recently started receiving emails including iCal invitations that needed to be answered, but I had no idea how, and Thunderbird does not come with any such functionality out of the box.

The “Lightning” add-on, however, does give Thunderbird features to handle that, and it works really well (if one makes one configuration change in Thunderbird: go to “View” and ensure that “Display Attachments Inline” is checked).

On my netbook, I must have already set this, as it just worked there, whilst I was dumbfounded and needed the guidance from this thread to get it to work on the desktop.

Now every email with an iCal thingy that needs to be responded to will display a question at the top of the email window/tab.

chromebooks

I pretty much agree with everything said in this article and for those reasons, a computer running a “cloud OS” will not become a consideration for me, until the computer is running my cloud which I and only I have full control over.

Most people won’t, but I’ll take privacy over simplicity/ease of use (or whatever other selling point is being made about these products) any day of the week.

And while we are speaking about the cloud, and why I dislike it so much, it is convenient that the next topic is related:

dropbox

So, Dropbox, the simple cloud storage and file synchronization service, turned out to have a rather huge security flaw: their employees can (to my knowledge it hasn’t happened, but how would anyone except a potential offender know, and it is this uncertainty which makes me shy away from such services) access their users’ encrypted shares, since Dropbox stores the encryption keys.

Dropbox is probably just as legit as they have always been, and they have probably never done anything wrong, but I can’t say that incidents like these strengthen my confidence in “the cloud”, at least not clouds operated by third parties, or actually, anyone except for the individual herself.

And that is why it is good to see that alternatives are beginning to crop up.

Jsoup

A friend of mine is doing some Java (Android) hacking, and asked me if I knew of any good web scraping libraries. For Java, my answer was no. For Python I would have instantly responded “Beautiful Soup”. So my answer became: “If I were you, I’d Google for beautiful soup for Java”. And then I did that myself, finding this post which inevitably led me here.

Learning a programming language by using an IDE can be damaging almost beyond repair.

This might perhaps just be me, but I learned HTML (albeit not strictly a programming language) in Notepad, and have had no problems with HTML ever.

The same is true for bash, Python, JavaScript and Erlang. C would be the exception; those damn pointers continue to elude my understanding (not the concept of them, the syntax).

And then there is Java. We were taught to interact with it through an IDE, Eclipse as it was. That was 2005. This Wednesday was the first time I managed to write some barely non-trivial Java, compile it, and execute it, outside the “safety” of an IDE.

The reason for this was that Eclipse, for reasons beyond my understanding, kept crashing a couple of seconds after starting up, and that I had a friend in need of a little technology demonstrator.

And that’s when it really dawned on me. Outside Eclipse… it’s not that I am all that lost, it’s just that everything takes longer, is more tedious, and I have thusly shied away from it, thereby reinforcing that exact pattern.

And that is surely detrimental. I don’t want to be tied to a specific tool in order to be able to perform above average. A specialized tool might perhaps increase the effectiveness further, but being lost without it… that’s just wrong.

In my previous post I wrote about web applications and what I don’t like about them. This post will focus on a solution which I deem better than these web applications.

Will this solution be as easy to use and operate as the web applications? No, it will not. My suggestion does not put its focus on ease of use, but control, and thus security, of the information.

So what, then, is this solution? Set up your own server at home. Let this server be the main hub in your network, available both from inside the network, and outside.

Before anyone starts howling about how hard this is, that ordinary users can’t manage this, look to Microsoft. They are rolling out a new product, the Windows Home Server. They don’t seem to think that running your own server at home is too difficult a task for home-users.

It might seem like I endorse them, of course I don’t. The think tank that is Microsoft have some really bright people on their staff. Their implementations, however, never seem to embody the visions fully.

But nevertheless it represents somewhat of a trend shift. Users are believed capable of running, and thus administering, their own servers.

So, why then would this solution be any better than using web applications? There are certainly a few drawbacks:

You need a new computer (the server)

You have one more computer to administer (the server)

You need to keep your software up to date yourself (on the clients)

You need to handle backups yourself (of course, you should anyway)

If you take a look at the previous post, I point out a couple of problems with web applications. These problems, if you turn them around, are exactly the strengths of running your own server: you don’t have to worry where your data is, or who has access to it; you are a small, unknown target probably not worth spending any time on attacking; you are not likely to throw yourself out of your own service; etc.

Of course, if the server crashes and you are on the opposite side of the world, you will have a problem, but not as big as you might think; the same is true if you arrive somewhere where there is no Internet connectivity. As you are not using web applications, you are pretty much bound to have a laptop, with essential applications on it, with you, and thus it would be foolish not to have an updated copy of the information on the laptop as well. Problem solved. (This of course necessitates the use of whole-disk encryption on the laptop so that the information is safe there as well, should the laptop be stolen.)

Ok, so I have covered some heavy-duty topics for a home user: servers, administration, encryption. But really, security and control matter, so is this really too much to expect from users? Of course, if something is too hard, or too cumbersome, it won’t be used, it won’t catch on, but is this the case here? Is it too hard configuring a server? Setting up an encrypted file system? With Google, and answers only a click away? Or is the majority of the populace just insanely lazy?